summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-10-22Merge pull request #2386 from c-po/vxlan-t5671Christian Breunig
vxlan: T5671: change port to IANA assigned default port
2023-10-22vxlan: T5671: warn about changed default port numberChristian Breunig
2023-10-22Merge pull request #2390 from dmbaturin/T5672-remove-node.def-converterViacheslav Hletenko
scripts: T5672: remove the conf mode node.def importer
2023-10-21smoketest: T2897: add basic cluster configChristian Breunig
2023-10-21scripts: T5672: remove the conf mode node.def importerDaniil Baturin
2023-10-21Merge pull request #2385 from fett0/T5667Christian Breunig
T5667: BGP label-unicast enable ecmp
2023-10-20Merge pull request #2384 from srividya0208/T5642-1Christian Breunig
T5642: op-cmd: correction of generated file name
2023-10-20vxlan: T5671: change port to IANA assigned default portChristian Breunig
Currently VyOS VXLAN implementation uses the Linux assigned port 8472 that predates the IANA assignment. As Most other vendors use the IANA assigned port, follow this guideline and use the new default port 4789. Existing configuration not defining an explicit port number will be migrated to the old default port number of 8472, keeping existing configurations work!
2023-10-20T5667: BGP label-uniscat enable ecmpfett0
2023-10-20T5642: op-cmd: correction of generated file namesrividya0208
2023-10-19Merge pull request #2378 from c-po/bridge-t5670Christian Breunig
bridge: T5670: add missing constraint on "member interface" node
2023-10-19Merge pull request #2362 from nicolas-fort/T5541Christian Breunig
T5541: firewall zone: re add firewall zone-base firewall
2023-10-19Merge pull request #2377 from dmbaturin/T2897-no-clusterChristian Breunig
cluster: T2897: add a migration script for converting cluster to VRRP
2023-10-19Merge pull request #2344 from nicolas-fort/T5637Christian Breunig
T5637: add new rule at the end of base chains for default-actions and log capabilities
2023-10-19vyos.configdict: T5670: move from str to list when calling conf.exists()Christian Breunig
We have had a mix of both string and list arguments to conf.exists(), stremaline this to only make use of list calls.
2023-10-19bridge: T5670: add missing constraint on "member interface" nodeChristian Breunig
One could specify a bridge member of VXLAN1 interface, but it is not possible to create a VXLAN interface with the name of VXLAN1 - prohibited by VXLAN interface name validator. Add missing interface-name validator code
2023-10-19cluster: T2897: add a migration script for converting cluster to VRRPDaniil Baturin
2023-10-18Merge pull request #2373 from c-po/t4913-wifi-op-modeChristian Breunig
T4913: migrate wireless scripts to new op-mode style
2023-10-18Merge pull request #2374 from zdc/T5232-circinusChristian Breunig
pmacct: T5232: Fixed socket parameters for trigger-packets
2023-10-18pmacct: T5232: Fixed socket parameters for trigger-packetszsdc
This fixes sending packets to uacctd using a socket.
2023-10-17T4913: migrate wireless scripts to new op-mode styleChristian Breunig
2023-10-17Merge pull request #2371 from jestabro/bug-config-depJohn Estabrook
configdep: T5662: fix incorrect inspect.stack index of calling script
2023-10-17configdep: T5662: fix incorrect inspect.stack index of calling scriptJohn Estabrook
2023-10-17T5541: remove migration script from zone-based firewall to new cli. Syntax ↵Nicolas Fort
remains the same, so no migration is needed regarding this feature
2023-10-16op-mode: T5653: command to display SSH server public key fingerprintsJeffWDH
2023-10-16Merge pull request #2367 from aapostoliuk/T5642-currentChristian Breunig
op-mode: T5642: 'generate tech-support archive' moved to vyos-1x
2023-10-16Merge pull request #2366 from sever-sever/T5634Christian Breunig
T5634: Smoketest add OpenVPN encryption ciphers
2023-10-16op-mode: T5642: 'generate tech-support archive' moved to vyos-1xaapostoliuk
'generate tech-support archive' moved to vyos-1x. Output of 'show tech-support report' command is added to archive. The default location of the archive is moved to '/tmp'. The script is rewritten to Python.
2023-10-16T5634: Smoketest add encryption ciphersViacheslav Hletenko
As `providers legacy default` option was deleted with insecure DES and Blowfish ciphers, the smoketest cannot pass without adding encyption ciphers Otherwise Oct 16 09:41:34 r4 openvpn-vtun5[9648]: DCO version: N/A Oct 16 09:41:34 r4 openvpn-vtun5[9648]: Cipher BF-CBC not supported Oct 16 09:41:34 r4 openvpn-vtun5[9648]: Exiting due to fatal error Fix the smoketest
2023-10-14Merge pull request #2359 from erkin/progressbarChristian Breunig
remote: T5650: Resize-aware progressbar implementation
2023-10-14Merge pull request #2361 from zdc/T5232-circinusChristian Breunig
pmacct: T5232: Fixed pmacct service control via systemctl
2023-10-13T5541: firewall zone: re add firewall zone-base firewallNicolas Fort
2023-10-12pmacct: T5232: Fixed pmacct service control via systemctlzsdc
pmacct daemons have one very important specific - they handle control signals in the same loop as packets. And packets waiting is blocking operation. Because of this, when systemctl sends SIGTERM to uacctd, this signal has no effect until uacct receives at least one packet via nflog. In some cases, this leads to a 90-second timeout, sending SIGKILL, and improperly finished tasks. As a result, a working folder is not cleaned properly. This commit contains several changes to fix service issues: - add a new nftables table for pmacct with a single rule to get the ability to send a packet to nflog and unlock uacctd - remove PID file options from the uacctd and a systemd service file. Systemd can detect proper PID, and PIDfile is created by uacctd too late, which leads to extra errors in systemd logs - KillMode changed to mixed. Without this, SIGTERM is sent to all plugins and the core process exits with status 1 because it loses connection to plugins too early. As a result, we have errors in logs, and the systemd service is in a failed state. - added logging to uacctd - systemctl service modified to send packets to specific address during a service stop which unlocks uacctd and allows systemctl to finish its work properly
2023-10-12Merge pull request #2357 from devon-mar/ldpd-template-errorsChristian Breunig
ldpd: T5648: Fix ldpd template errors
2023-10-12Merge pull request #2358 from jestabro/schema-checkChristian Breunig
xml: T5649: catch errors from schema validation before generating cache
2023-10-12remote: T5650: Resize-aware progressbar implementationerkin
2023-10-12xml: T5649: catch errors from schema validation before generating cacheJohn Estabrook
2023-10-12openvpn: T5634: fix permissions on migration fileJohn Estabrook
2023-10-12Merge pull request #2277 from aapostoliuk/T5254-1-sagittaDaniil Baturin
bonding: T5254: Fixed changing ethernet when it is a bond member
2023-10-12openvpn: T5634: fix typoJohn Estabrook
2023-10-11ldpd: T5648: Fix ldpd template errorsDevon Mar
Bug introduced in https://github.com/vyos/vyos-1x/commit/8fb6e715d32e7eff77e413d8577059dd55b24c0a
2023-10-11Merge pull request #2353 from dmbaturin/T5634-no-more-blowfishJohn Estabrook
openvpn: T5634: Remove support for insecure DES and Blowfish ciphers
2023-10-12openvpn: T5634: Remove support for insecure DES and Blowfish ciphersDaniil Baturin
2023-10-11Merge pull request #2342 from sever-sever/T5165Viacheslav Hletenko
T5165: Implement policy local-route source and destination port
2023-10-10Merge pull request #2352 from jestabro/api-self-configDaniil Baturin
http-api: T2612: correct the response message and add reload for api self-configuration
2023-10-09conf-mode: T5412: remove refs to vyos module for use by addon packagesJohn Estabrook
2023-10-09http-api: T2612: reload server within configsession for api self-configJohn Estabrook
2023-10-09http-api: T2612: send response before reconfiguring api serverJohn Estabrook
2023-10-08Merge pull request #2349 from Apachez-/T5489Christian Breunig
T5489: Change default qdisc from 'fq' to 'fq_codel'
2023-10-08Change to BBR as TCP congestion control, or at least make it an config optionApachez